I remember reading not too long ago about virus programs that are
computer generated and that conduct a random search for unprotected IP
addresses to download to. I was recently talking to some friends who
also shut off their PC when not in use but leave the cable modem
running and connected to speed up the startup process.

The question is are there such virus programs and if they exist what
is the risk factor of being connected for even a brief period of time
without operational protection?

•

I vaguely recall the worst case scenario that you're referring to:
an unpatched and unprotected version of either Windows 2000 or an early
version of Windows XP lasted about 30 seconds after connecting to the
internet before it was infected with a virus.

30 seconds.

Things are better today, but you still want protection. And turning
your machine off isn't really helping.

•

The programs we're talking about aren't computer generated, they've
been written by real people, but they definitely do scan the internet
looking for vulnerable PCs. The scary part is that even after all these
years of warnings, there are a significant number of machines on the
internet that remain unpatched and unprotected.

It's exactly as you've heard: these programs look for machines that
are connected directly to the internet that have not been patched with
the latest updates to correct known vulnerabilities. In some cases, the
vulnerabilities have been known for years, and the patches to correct
the vulnerability have also been available ... for years. And
yet there are unprotected machines out there that have been infected in
exactly this way. (Many are now spambots, for example.)

"... these programs look for machines that are
connected directly to the internet that have not been patched with the
latest updates to correct known vulnerabilities."

But from reading that, you can see that the two criteria for getting
infected that way are easily rectified.

"... connected directly to the internet ...". OK,
don't do that. This is extremely easy to fix: get behind a router and
the computers out on the internet can't initiate a connection to your
computer. Problem solved. This is why I so highly recommend a router as
a firewall as it simply eliminates the issue.
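
Why a router stops the scans described above, as an added example that is not part of the original article: a minimal Python model of a home router's NAT table. The class, the addresses (documentation ranges) and the ports are constructed for illustration, and the model assumes the router accepts inbound packets only from the exact peer an inside machine has already contacted.

```python
# Added illustration: a toy model of a NAT router's connection table.
# Names, addresses and ports are hypothetical and constructed for the example.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote ip, remote port)
    table: dict = field(default_factory=dict)
    # public port -> (inside ip, inside port): manual port-forward rules
    forwards: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """An inside machine opens a connection: record it, rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet rewritten for the inside machine, or None if dropped."""
        entry = self.table.get(pkt.dst_port)
        # Deliver only replies from the peer that the inside machine contacted.
        if entry and (pkt.src_ip, pkt.src_port) == entry[2:]:
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
        # A port-forward rule deliberately lets unsolicited traffic through.
        fwd = self.forwards.get(pkt.dst_port)
        if fwd:
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None  # no state, no rule: the unsolicited packet goes nowhere


def demo():
    router = NatRouter(public_ip="203.0.113.10")
    pc = "192.168.1.20"
    # The PC browses to a web server, so the router records the flow.
    sent = router.outbound(Packet(pc, 51000, "198.51.100.5", 443))
    # The server's reply matches the recorded flow and reaches the PC.
    reply = router.inbound(Packet("198.51.100.5", 443, sent.src_ip, sent.src_port))
    # An unrelated host probes a service port: nothing matches, so it is dropped.
    probe = router.inbound(Packet("192.0.2.77", 33000, router.public_ip, 445))
    # The same host tries the port opened for the web flow: wrong peer, dropped.
    spoof = router.inbound(Packet("192.0.2.77", 33000, sent.src_ip, sent.src_port))
    # Caveat: a port-forward rule re-exposes that service to everyone.
    router.forwards[445] = (pc, 445)
    exposed = router.inbound(Packet("192.0.2.77", 33000, router.public_ip, 445))
    return reply, probe, spoof, exposed


if __name__ == "__main__":
    for name, result in zip(("reply", "probe", "spoof", "exposed"), demo()):
        print(f"{name:8} -> {result}")
```

The last case is the one to check on a real router: port-forward or DMZ entries put the forwarded machine back in the "connected directly" position for those ports, so it needs its own firewall and patches.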

Speaking of firewalls, if you can't get a router and must connect
directly to the internet, then you must get a firewall. At a minimum,
enable the Windows firewall already in XP. One of the reasons that
machines don't get infected within 30 seconds of a "naked"
internet connection these days is that since Windows XP SP1 the
internet firewall has been on by default.

"... that have not been patched ...". Once again,
the solution here is simple: patch. Enable automatic updates, or visit
Windows Update or otherwise take steps to ensure that you're getting
the latest and greatest patches to your operating system as soon as
they come out.

Remember that the availability of a patch does two things:

1. Fixes a vulnerability

2. Announces to the world that the vulnerability exists

Having learned of the vulnerability, hackers immediately start trying
to exploit it as quickly as possible, to take advantage of machines
that have not yet been patched.

So to answer your question: the risk of being connected to the
internet at any time if you're unpatched and unprotected is very high.
However, if you've been taking updates and have placed your machine
behind a router or firewall, this kind of threat is very easily dealt
with.

In fact, it's what allows me to have several machines safely
connected to the internet 24 hours a day.

Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions.

The person that asked the original question seems to be assuming that the computer will be turned off and the cable modem left on. In that case there is no risk of hacking, virus infection, spyware infection or anything else as long as the computer is off.
Most of the modern routers and cable modems have a firewall included in the hardware. If a person's package doesn't include a hardware firewall a router is an extremely good idea.
When that new router is purchased change the password from the default password and you are pretty much protected.
I say pretty much because if a person should allow their antivirus protection to lapse, such as when a subscription is over, then they are vulnerable to any number of malware problems.
People who do allow their subscriptions to lapse will end up having to reformat their computers or will have to pay someone to clean their computer for them.

AG

Bradley
January 6, 2009 10:34 AM

Funny, my original intent was to just say I disagree, I ended up writing a novel, :)
Leo, I enjoy your mailing list, thank you!

"...if antivirus software worked, I would be out of a job..."

I do agree with you about getting patches and updates for your OS, but I must respectfully disagree with the majority of your post.

Sure, there are uncountable amounts of viruses out there, but the vast majority of them are unable to infect your computer even when using the basic "out of the box" Windows security features. People just need to be educated about viruses. If I send you an e-mail full of viruses, and you open that email, read it, view the photos, etc., you will not be virused; if you visit a website full of viruses, you will not be harmed. 99.99% of the time you have to CLICK and ALLOW a program to run. Viruses infect a computer when someone wants that free "click here for free mp3, screen saver, ring tone, game or 100th customer laptop" and the plethora of other garbage the site promises. Also, they can get through when a site tricks you into fake updates: "you need the new flash player or video codec to watch/listen/download this, click here to get it".
NEVER click them. If a video site tells you you need the newest flash player, go to flash.com; if a game site tells you that you need the newest java, go to java.com; if a site pops up a window saying you need the newest internet explorer, windows updates or whatever, go to microsoft.com. NEVER click the link they offer you because they may have garbage attached.

If a popup appears asking if you want to download a virus, the yes button means yes, and the no button.... well that could mean yes also. Do not click them, just open the task manager (CONTROL ALT DEL) and shut that program down.
When antivirus companies spend millions advertising how dangerous the web is, it makes me sick; a little education and people would be much safer. Who do you think makes the majority of viruses? ANTI VIRUS companies.

I own a small computer repair business, www.cheapestPCrepair.com and I have been running the same personal computer for about 5 years now. That's 5 years of myspace, youtube, bittorrents, music and video downloads, online gaming, inserting all types of strangers' drives into my system, etc. In that 5 years I have not had trojans, spyware, viruses, or anything similar affect or infect my computer. What antivirus do I use? NOTHING, I do not even have my Windows firewall turned on. I am going through a router and that is my suggestion for any readers, and I certainly am NOT suggesting that you go without antivirus software, I am just saying that I have not needed it. Here is another thing: if antivirus software worked, I would be out of a job. I hear every day "how could I have viruses? I just paid $80 for Nortons". Well, that's my thoughts on it as well; if antivirus software actually worked, we wouldn't have so much problem. We need to rely on common sense, we need to stop taking the convenient way and do a little research (spend 5 minutes typing a program or link into google and see other opinions about it before you install/run it).

Another problem with most antivirus programs is that they massively slow your system down and give you tons of popup security warnings and cripple your ability to do some things or get some things to work..... kind of like a virus in the first place.

NOTE: if you do decide to use antivirus software, get the FREE version of Norton and PC Doctor from www.pack.google.com (do not get the google desktop, it's another program that slows your system down) and get the following other tools to keep your system running smooth: free malwarebytes, eusing free registry cleaner and ccleaner. Google them.

"An educated computer user has less chance of getting "virused" than a misinformed computer user with the best antivirus protection."

An excellent comment, thank you for your "novel". I do want to clarify a couple of things.

I flat out disagree with this statement: "Who do you think makes the majority of viruses? ANTI VIRUS companies." The majority of viruses these days are actually from spammers and the like attempting to set up botnets. I simply don't buy into the conspiracy theory that anti-virus companies need to "manufacture" a need for their products. There's plenty without 'em.

But by and large I agree with your overall sentiment: user education is required. Heck, it's what Ask Leo! is all about in many ways. The best technology in the world can't save you from yourself. Everyone has a responsibility to use the internet wisely and safely.

That being said, the likelihood of that actually happening across the board is very, very low. Your job is safe. As a result, I believe that the average user does need protection in the form of firewalls (a router is my choice as well), anti-spyware and anti-virus tools. Yes, some of us with sufficient savvy and experience may not need such tools (I use them anyway), but the average user can't always be expected to understand and stay on top of every new form of threat. Basic rules like "don't open attachments from people you don't trust", and "don't click on links" only go so far, particularly when phishing and virus attacks become more and more sophisticated.

But ultimately I totally agree with your closing comment: "An educated computer user has less chance of getting 'virused' than a misinformed computer user with the best antivirus protection."

- Leo, 07-Jan-2009

Lindsay
January 6, 2009 11:44 AM

I'm inclined to agree with Bradley - most infections seem to be self-induced. But I still run AVAST (free) and Windows Defender, 'just in case'! At least I have now dropped Zone Alarm and just have Vista firewall on, as well as being behind a NAT router, of course.

Roger b
January 6, 2009 1:21 PM

Agree with Bradley!! I have a couple of 'play' machines that I experiment with. When run without anti-virus and anti-spyware, they performed without problems. It has been an experiment, and the machines do run much faster. One note, when I re-installed the windows XP operating system on one (initially) which was at SP1, I did get hit with the 'old' messenger bug, necessitating 'shoot the messenger'. But after I put in SP2, and SP3, it's run clean.
I don't surf 'trash sites', and do not use these machines with personal info.
For what that's worth, Roger

Ranjith
January 6, 2009 8:02 PM

I fully agree with Bradley. Most of the Viruses are created by Antivirus companies itself coz they are the only people benefiting from a virus infection. Now a days I hate Antivirus softwares more than the virus itself coz they slow the system down. If users r not that vigilant against Bradley's "click" traps they can try "Deep Freeze" which makes use of the virtualisation technology. It never slows down (not an iota, coz it's not an antivirus software) while giving a bullet proof protection. No updates, no defragmentation, no missing files, no Windows reinstallation ....
Ranjith

As I replied to Bradley, I flat out disagree with the conspiracy theory that the majority of anti-virus companies are responsible for creating viruses.

- Leo, 07-Jan-2009

Deborah
January 7, 2009 3:11 AM

There is definitely a risk to surfing the Internet without protection. My elderly dad let his antivirus software expire and he started getting popups, browser redirects and his inbox was inundated with spam. Unfortunately, he fell for one of the rogue antivirus products in the 2009-antispyware family. After paying $59.95, he still got all that annoying stuff, plus alarming reports every 5 seconds saying that his machine was still infected.

It took some work, but we managed to get his computer clean with the help of Malwarebytes' Anti-malware. His ISP had a free McAfee suite available for subscribers in his tier, so we installed that. Then we made sure everything else was updated by running a Secunia scan. And to keep his daily Internet surfing safer we installed Web of Trust. I feel fairly confident now that he is protected. I left detailed instructions and will email reminders for him to run scans.

But after all that, he was furious. He felt violated and hurt by these fraudsters. Being on a fixed income, he was worried about losing the money. He is now waiting for his credit card bill to come in so he can refuse payment and report the scam. I hope he gets satisfaction.

Vern
January 8, 2009 7:17 AM

I agree with Bradley also. Do you really believe that all of this malware is coming from 1000's of people all pissed at Bill Gates? If you believe that then you believe all of Obama's money is legit.

No, as I said in my response to Bradley, I believe that the majority of viruses and spyware are now coming from people trying to make money by setting up botnets to send spam and coordinate other forms of attack. I'm sure the Bill-haters are out there, but they're a much smaller percentage of the cause these days.

- Leo, 08-Jan-2009

Richard FDisk
January 10, 2009 2:07 PM

No matter how much protection you use, it's still a risky place to be, and it's always going to be a race between the software, OS, & AV updates and the security holes found.
There's no perfect protection except to stay off and never connect to anything but power sockets.
But for the most part the biggest security hole is the space between the mouse, keyboard and the user, even a fully updated system across the board can still get bombed by the newest "Threat" and sometimes an older "Threat" if the user isn't paying attention to how they're searching, clicking, opening, etc.

Kenneth Crook
January 11, 2009 2:21 AM

This article resurfaced a concern of mine. I usually turn on my computer and plug in my DSL modem at the same time, and then go about other business while Windows boots and Norton AntiVirus loads and then Windows and Norton AntiVirus do their updates. The modem is ready several minutes before Windows and Norton AntiVirus are finished loading. In the intervening time is my computer exposed to the internet and any nefarious bugs out on the web? It is a nuisance to turn on the computer and wait for Windows and Norton AntiVirus to load before plugging in my modem.

thisisfutile
January 13, 2009 8:45 AM

The problem with "User Education" as an end-all solution is that it's truly an immense undertaking for a general user to be as educated as Leo, Bradley or myself. We're "geeks" (for lack of a better term) and it takes time to get to that level of understanding. For example, I just had this one from a client...

"How do I know if I'm opening an email attachment...when I highlight the email, it shows automatically...can I get a virus just by highlighting it?!?!"

To the new email user, this thought is common. Heck, it took me a long time to understand that one too. However, how am I to explain this one small facet of computer use? "No, you didn't open the attachment, but by having the auto-preview feature on, you are subjecting yourself to more spam because it's auto-downloading pictures which tell the spammer you exist." This is truth, but they don't understand it. Again, this is just one, tiny detail of Internet/computer use. The common Internet user may go their whole life without learning this level of detail...on this one ... small ... detail. User education will grow on its own, but they'll never be up to speed with the hackers/spammers. The general user will always be susceptible to frauds as Deborah's unsuspecting and undeserving father was.

I had almost the exact same conversation with the owner of the computer I was working on: what does it mean to open an attachment, does preview hurt, and what about those little paperclip icons...

User education is important, but it'll never solve it all.

- Leo, 14-Jan-2009

Robert M.
January 13, 2009 10:28 AM

Agree absolutely with router protection. Best protection with the lowest performance hit.

After that - all bets are off. Caveat Emptor - click at your own risk! I agree to the point made to get updates only from the source (Flash from Adobe.com, Java from Java.com, etc.).

The greatest appeal of the internet to many is anonymous access - and it could be its downfall. Before clicking or accepting an offer, ask if you know the vendor or can get to the offer through the vendor's home page first.

Sure, once behind a router, one can use the internet without additional protection of anti-virus and anti-spyware software if one knows what one is using!

Happy surfing!

Pavel
January 13, 2009 11:06 AM

First off, I had my anti virus block viruses. If I did not have it I would have been infected and I did not need to click "allow". Just entering the site was enough. Secondly, just a correction. The Norton from google is just a scanner. It used to remove Spyware but last time I downloaded it it did not and sent me to Norton to buy their product in order to remove spyware. As to Spyware Doctor, it is a Spyware scanner and has only PARTIAL protection in its free version. You NEED an ANTI VIRUS program and there are some good free ones. As to conspiracy by anti virus companies I cannot disagree strongly enough.

O.A. Orcan
January 15, 2009 12:38 AM

Although I am not an IT specialist by profession, I have been involved in computer programming and hardware utilization for 35 years. I have my children and many friends who keep me busy with PC and software related problems.
Recently I tested one router in a friend's company and got through it and the additional protection software within minutes. I'm sure some other people could do the same. The company I work for has all the hardware and software based protection available and I still observed my computer would have been in trouble three times within 18 months because of malware getting through against all the company security measures (but not through my firewall, two antivirus, two anti-malware and composite & blackhole list utilities, etc.); all updated daily.
This means no matter what external resources are available for somebody, additional measures like a firewall, antivirus and other anti-malware programs are absolutely required as one can't always be on guard too, even if he/she is a specialist.
Also, not too many people are aware of the fact that a firewall is needed especially against info getting out of one's own computer. Even an operating system or software might send some sensitive data unless a firewall is there to warn that something funny is going to happen if it isn't blocked. Same is true when one visits a website in some other ways. Many spam messages might appear after one tries a piece of software, visits a website or just ticks a box. Among other things, I have seen time limited or trial software trying to send a list of websites visited, a list of software, multimedia content I have in my PC and even found out some code trying to access S/N's in one case. A firewall is definitely needed and its rules have to be carefully defined. Don't forget that even after a PC is compromised, a good firewall will still catch outgoing rewards for a spammer, hacker, etc, let you block it and also let you know where to take action in your system.

Bradley
January 17, 2009 1:25 PM

Hi everyone, I never would have expected so many people to comment on my comment, I am very glad it sparked some interesting conversation.

Leo, thanks for your response.

Here is why I believe so many viruses and malware come from the anti virus companies.

1. First and foremost: 8 times out of 10 there is an advertisement for the specific anti virus package you "need" built right into the virus! What if your windshield was broken and attached to it was a sticker that told you where to get it fixed? If it happened often enough you would have to assume that the fixer was the breaker.

2. There are virus writers who are sitting on yachts earning millions and millions of dollars just from writing viruses. Some of this money goes for mafia and organized gangs, some goes for terrorist activities and weaponry and some (thank you Nigeria) goes to help small guerrilla factions - oh yeah, and some just goes into the pockets of very wealthy black-hats.

Here is an analogy: Say Leo owned "Leo's Tire Repair Service". Every day he can throw rusted bent nails out his car window and some people might get flat tires; some of those people might come to his shop (especially if he had a billboard nearby) and so he is increasing his possible income without investing anything (except free, rusted bent nails). NOW let's take that same nefarious story and put it towards a much more lucrative venture. You write a virus, let's call it "Windows Ultimate Killer 2009", then you put the removal tool for it on the internet at $45 per download and advertise it all over the place so anyone who googles that virus will see YOUR sites. Then through the power of multiplication (infect 2 computers who each infect 2 who each infect 2, etc etc) you eventually infect 1 million computers. Now if only 1% (more likely 50% or more) of those infected people decide to get an anti virus program, that's 100 thousand people; if only 1% of THOSE people (remember your adverts are the only ones all over the web guaranteeing removal) decide to buy YOUR anti virus removal tool, that's 10 thousand people who pay $45 for your anti virus little de-ransomware tool. You just made $450,000 dollars without having to invest anything but a little time. NOW, here is the kicker: instead of 1 virus, you make 300 (hell, just rename some of the existing ones or change the formula a bit, you already have the source code) and instead of infecting 1 million computers, infect 5 million or more, and hell, infect some of the same ones again with a different virus after they pay for your removal tool, that's a common thing. Anyway, my point is that virus creation and removal go hand in hand and it is an amazingly lucrative business that takes little to no $$ investment to start.
Just infect a server at a university in France from a computer in Germany being operated by a terminal in Japan which is using a hijacked connection and it will take years for them to track it to that coffee shop in Switzerland where you are never going to go back to anyway OR just pay the IT guy at some school or business to allow his servers to be compromised.

It is not a conspiracy theory, it is a fact. Viruses are just about the most lucrative business on the net and the ones you really have to worry about are the ones you do not know you have. When your system is infected with a clever virus, it will not slow you down or give you popups or give you any indication that you have a problem, but at 3am it's passing its gunk around to every other system it can, getting on your CDs and thumb drives, getting into your email, etc, then on a certain date or some pre-determined action, >BAM
